Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
LocalAI path traversal vulnerability High
CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) Jun 20, 2024
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Moderate
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Owncast Path Traversal vulnerability Low
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Path Traversal in Docker Moderate
CVE-2014-9356 was published for github.com/docker/docker (Go) May 18, 2021
picatz neersighted
Archiver Path Traversal vulnerability Moderate
CVE-2024-0406 was published for github.com/mholt/archiver (Go) Apr 6, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Vulnerabilities with the k8sGPT High
GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) Jun 13, 2024
atul86244
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
ajxchapman awprice
nathanburrell raulgomis chris-walz mark-adams dbaxa cpuguy83 neersighted
Sender can cause a receiver to overwrite files during ZIP extraction in Croc Moderate
CVE-2023-43616 was published for github.com/schollz/croc (Go) Sep 20, 2023
schollz
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
Path traversal in github.com/valyala/fasthttp High
CVE-2022-21221 was published for github.com/valyala/fasthttp (Go) Mar 18, 2022
ahh vulnerable to Path Traversal High
CVE-2020-36559 was published for aahframe.work (Go) Dec 28, 2022
Stakater Forecastle has a directory traversal vulnerability High
CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) May 15, 2024
Grafana directory traversal for .cvs files Moderate
CVE-2021-43815 was published for github.com/grafana/grafana (Go) May 14, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7666 was published for github.com/u-root/u-root/pkg/cpio (Go) Apr 24, 2024
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Container escape at build time High
GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) Mar 19, 2024
rmcnamara-snyk
gin-vue-admin background arbitrary code coverage vulnerability High
CVE-2024-31457 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API